You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tomee.apache.org by rm...@apache.org on 2014/08/20 20:58:48 UTC

svn commit: r1619206 - in /tomee/tomee/trunk/container/openejb-core/src: main/java/org/apache/openejb/core/security/SecurityServiceImpl.java test/java/org/apache/openejb/core/security/SecurityServiceImplTest.java

Author: rmannibucau
Date: Wed Aug 20 18:58:48 2014
New Revision: 1619206

URL: http://svn.apache.org/r1619206
Log:
OPENEJB-2102 correct path decoding for login.config

Added:
    tomee/tomee/trunk/container/openejb-core/src/test/java/org/apache/openejb/core/security/SecurityServiceImplTest.java
Modified:
    tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/core/security/SecurityServiceImpl.java

Modified: tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/core/security/SecurityServiceImpl.java
URL: http://svn.apache.org/viewvc/tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/core/security/SecurityServiceImpl.java?rev=1619206&r1=1619205&r2=1619206&view=diff
==============================================================================
--- tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/core/security/SecurityServiceImpl.java (original)
+++ tomee/tomee/trunk/container/openejb-core/src/main/java/org/apache/openejb/core/security/SecurityServiceImpl.java Wed Aug 20 18:58:48 2014
@@ -21,13 +21,12 @@ import org.apache.openejb.core.security.
 import org.apache.openejb.core.security.jacc.BasicJaccProvider;
 import org.apache.openejb.loader.SystemInstance;
 import org.apache.openejb.util.ConfUtils;
+import org.apache.xbean.finder.archive.FileArchive;
 
 import javax.security.auth.Subject;
 import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;
-import java.io.UnsupportedEncodingException;
 import java.net.URL;
-import java.net.URLDecoder;
 import java.util.Map;
 import java.util.UUID;
 import java.util.concurrent.ConcurrentHashMap;
@@ -68,12 +67,7 @@ public class SecurityServiceImpl extends
         }
 
         final URL loginConfig = ConfUtils.getConfResource("login.config");
-
-        try {
-            System.setProperty("java.security.auth.login.config", URLDecoder.decode(loginConfig.toExternalForm(), "UTF8"));
-        } catch (final UnsupportedEncodingException e) {
-            System.setProperty("java.security.auth.login.config", URLDecoder.decode(loginConfig.toExternalForm()));
-        }
+        System.setProperty("java.security.auth.login.config", FileArchive.decode(loginConfig.toExternalForm()));
     }
 
     @Override

Added: tomee/tomee/trunk/container/openejb-core/src/test/java/org/apache/openejb/core/security/SecurityServiceImplTest.java
URL: http://svn.apache.org/viewvc/tomee/tomee/trunk/container/openejb-core/src/test/java/org/apache/openejb/core/security/SecurityServiceImplTest.java?rev=1619206&view=auto
==============================================================================
--- tomee/tomee/trunk/container/openejb-core/src/test/java/org/apache/openejb/core/security/SecurityServiceImplTest.java (added)
+++ tomee/tomee/trunk/container/openejb-core/src/test/java/org/apache/openejb/core/security/SecurityServiceImplTest.java Wed Aug 20 18:58:48 2014
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.openejb.core.security;
+
+import org.apache.openejb.util.ArrayEnumeration;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.lang.reflect.Method;
+import java.net.URL;
+import java.net.URLClassLoader;
+import java.util.Enumeration;
+import java.util.concurrent.atomic.AtomicReference;
+
+import static java.util.Arrays.asList;
+import static org.junit.Assert.assertEquals;
+
+public class SecurityServiceImplTest {
+    @Test
+    public void plusInPath() throws Exception {
+        final AtomicReference<String> path = new AtomicReference<>();
+        final ClassLoader jaasLoader = new URLClassLoader(new URL[0]) {
+            @Override
+            public Enumeration<URL> getResources(final String name) throws IOException {
+                return new ArrayEnumeration(asList(new URL("file:/tmp/jaas/folder+with+plus/login.config")));
+            }
+        };
+        Thread.currentThread().setContextClassLoader(jaasLoader);
+        try {
+            final Method mtd = SecurityServiceImpl.class.getDeclaredMethod("installJaas");
+            mtd.setAccessible(true);
+            mtd.invoke(null);
+            final String config = System.getProperty("java.security.auth.login.config");
+            assertEquals("file:/tmp/jaas/folder+with+plus/login.config", config);
+        } finally {
+            Thread.currentThread().setContextClassLoader(jaasLoader.getParent());
+        }
+    }
+}